Data sharing and storage control system and method

ABSTRACT

A data sharing control method. The method includes detecting a plurality of images on one or more devices operated by a first user, the one or more devices comprising a particular device. A plurality of tags are determined for the plurality of images, and a plurality of settings are received based on the plurality of tags from a second user. A particular image is detected on the particular device. One or more particular tags of the particular image on the particular device are determined, and a sharing action of the particular image by the particular device is blocked based on the plurality of settings and the one or more particular tags.

CROSS REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. Pat. Application Serial No.17/028,182, filed Sep. 22, 2020, which is incorporated by reference asif fully set forth.

FIELD OF INVENTION

The invention relates generally to computing device control, and moreparticularly to restricting data sharing and storage by a computingdevice.

BACKGROUND

Images stored by computing devices either locally or via remote or cloudbased storage services can be a privacy risk. Smart phones, tabletcomputers, laptops and personal computers for instance may be enabled tocapture and store images, and users may be enabled to share such imageswith other users or services via applications executed by the devices.Users may not even be aware when they are sharing privacy sensitiveimages.

Privacy sensitive images can include for example images showing creditcard numbers and images including indications of location, for instanceincluding image location. Users may unwittingly send image data withprivate or identifying information, for example exchangeable image fileformat (“Exif”) data. Children may send to or receive from their peersexplicit images despite parents’ efforts to restrict such activity.

SUMMARY

This Summary introduces simplified concepts that are further describedbelow in the Detailed Description of Illustrative Embodiments. ThisSummary is not intended to identify key features or essential featuresof the claimed subject matter and is not intended to be used to limitthe scope of the claimed subject matter.

A data sharing control method is provided. The method includes detectinga plurality of images on one or more devices operated by a first user,the one or more devices comprising a particular device. A plurality oftags are determined for the plurality of images, and a plurality ofsettings are received based on the plurality of tags from a second user.A particular image is detected on the particular device. One or moreparticular tags of the particular image on the particular device aredetermined, and a sharing action of the particular image by theparticular device is blocked based on the plurality of settings and theone or more particular tags.

Further provided is a network-enabled device control system. The controlsystem includes a first computing system including at least a firstprocessor and at least a first non-transitory computer readable storagemedium having encoded thereon first instructions that when executed bythe at least the first processor cause the first computing system toperform a first process. The first process includes detecting aplurality of images on the first computing system, determining aplurality of tags for the plurality of images, transmitting via anetwork the plurality of tags, detecting a particular image on the firstcomputing system, determining one or more particular tags of theparticular image, and blocking a sharing action of the particular image.The control system further includes a second computing system includingat least a second processor and at least a second non-transitorycomputer readable storage medium having encoded thereon secondinstructions that when executed by the at least the second processorcause the second computing system to perform a second process. Thesecond process includes receiving the plurality of tags from the firstcomputing system, querying a second user based on the plurality of tags,receiving a plurality of settings from the second user, and transmittingthe plurality of settings to the first computing system, wherein theblocking the sharing action of the particular image by the firstcomputing system is based on the plurality of settings and the one ormore particular tags.

Further provided is a data storage control method. The data storagecontrol method includes detecting a plurality of images on one or moredevices operated by a first user, the one or more devices including aparticular device. A plurality of tags for the plurality of images aredetermined, and a plurality of settings based on the plurality of tagsare received from a second user. A particular image is detected on theparticular device, and one or more particular tags of the particularimage on the particular device are determined. A security action isperformed on the particular image on the particular device based on theplurality of settings and the one or more particular tags.

Further provided is a method including detecting a plurality of imageson one or more devices operated by a user, the one or more devicesincluding a particular device. A plurality of tags are determined forthe plurality of images, a plurality of settings are received from theuser based on the plurality of tags. A particular image is detected onthe particular device, and one or more particular tags of the particularimage on the particular device are determined. A security action isperformed on the particular image on the particular device based on theplurality of settings and the one or more particular tags.

BRIEF DESCRIPTION OF THE DRAWING(S)

A more detailed understanding may be had from the following description,given by way of example with the accompanying drawings. The Figures inthe drawings and the detailed description are examples. The Figures andthe detailed description are not to be considered limiting and otherexamples are possible. Like reference numerals in the Figures indicatelike elements wherein:

FIG. 1 shows a system enabling controlling data transmission and storageon computing devices according to illustrative embodiments.

FIG. 2 shows a process flow for controlling data transmission andstorage on computing devices according to the illustrative embodiments.

FIG. 3 shows an expansion of the process flow of FIG. 2 for controllingdata transmission and storage on computing devices according to theillustrative embodiments.

FIG. 4 shows another process flow for controlling data transmission andstorage on computing devices according to the illustrative embodiments.

FIGS. 5A-5H show example interactive displays for receiving controlsettings for controlling data transmission and storage on computingdevices according to the illustrative embodiments.

FIGS. 5I-5M show example interactive displays for providing alertnotices regarding data transmission on controlled computing devices.

FIG. 6 is a flowchart showing a data sharing control method according toan illustrative embodiment of the invention.

FIG. 7 is a flowchart showing a data storage control method according toan illustrative embodiment of the invention.

FIG. 8 shows an illustrative computer system for performing describedmethods according to the illustrative embodiments.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENT(S)

Embodiments of the invention are described below with reference to thedrawing figures wherein like numerals represent like elementsthroughout. The terms “a” and “an” as used herein do not denote alimitation of quantity, but rather denote the presence of at least oneof the referenced items.

Referring to FIG. 1 , a system 10 for enabling control of a computingdevice 12 (hereinafter “user device 12”) is provided in a communicationsnetwork 4 including one or more wired or wireless networks or acombination thereof, for example including a local area network (LAN), awide area network (WAN), the Internet, mobile telephone networks, andwireless data networks such as WiFi™ and 3G/4G/5G cellular networks. Thesystem 10 permits a supervisory user operating another computing device16 (hereinafter “supervisor device 16”) to set controls for a pluralityof user devices 12 operated by a supervised user. The system 10 furtherpermits a supervisory user to set controls on their own supervisordevice 16. The supervisory user for example can include a parent, andthe supervised user for example can include a child of the parent.

A supervisory user is enabled to provide settings for controlling asupervised user’s electronic activity, particularly the storage andsharing of images. Electronic activity analysis and image analysis ofelectronic chats, messages, and conversations is enabled via anetwork-connectable processor-enabled control manager 20 and a controlagent 14 across a plurality of digital platforms. The system 10 via thecontrol manager 20 and control agent 14 on the user devices 12 providesalerts to supervised users and alerts and activity summaries tosupervisory users.

Particularly, the system 10 enables identification of sensitive imageson a user device 12 by application of a sensitive image classificationalgorithm via the control agent 14. Sensitive images can be removed ordeleted from the user device 12 by the control agent 14 or transferredto a secure datastore 61 beneficially encrypted and password protected,which may be inaccessible or accessible to a supervised user.Alternatively, suggestions of images which should potentially be removedor deleted or transferred to a secure datastore 61 can be provided to asupervisory user via a supervisor application 40 on a supervisor device16. Social media channels or applications enabling image sharing can beblocked. A supervisory user can be notified if a supervised user (e.g.,their child), or if they themselves, share sensitive images. Asupervisory user can be alerted of habits of a supervised user on socialmedia, for example whether a supervised user shares sports images,school images, or party images. A supervisory user can be alerted ofwhether a supervised user has attempted or has succeed in circumventingblocked social media channels, for example via web-based screen captureservices. A supervisory user can be informed of what kinds of images(e.g., sports images, party images) a supervised user stores on theiruser device 12. The supervisory user can be provided a summary of asupervised user’s images. Further, image metadata of a supervised user’simages can be obfuscated via the control agent 14 either automaticallyor based on input by the supervisory user via the supervisor application40. Moreover, image metadata of the supervisory user’s own images can beobfuscated via the control agent 14 either automatically or based oninput by the supervisory user via the supervisor application 40.

The user devices 12 and supervisor device 16 operate in the network 4,which devices can be mobile and as such can be located in differentgeographic areas. The user devices 12 and supervisor device 16 can eachinclude for example a smart phone or other cellular-enabled mobiledevice configured to operate in a wireless telecommunications network.Alternatively, the user devices 12 and supervisor device 16 can eachinclude a personal computer, tablet device, video game console,television controller, set-top box, digital media player or othercomputing device. User devices 12 can be assigned to a particular user,as is typical for example with a mobile phone, or shared among more thanone user, as is typical with video game consoles, televisioncontrollers, and set-top boxes.

A user operates a user device 12 with a control agent 14 active.Software and/or hardware residing on the user device 12 enables thecontrol agent 14 to monitor and restrict use of the user device 12 andcontent accessible by the user device 12. Software and/or hardwareresiding on the user device 12 further enables messaging applications50, for example Short Message Service (“SMS”) messaging applications orapplications supporting other messaging protocols, for example via3G/4G/5G cellular protocols, WiFi™ protocol or TCP/IP through theInternet. A user can implement the messaging applications 50 for exampleto connect to a message forwarding center, for example via GSM wirelessprotocol or TCP/IP through the Internet, to communicate with other userdevices 12. Social media applications 52, internet browsers 54, alocation determining system 62, an operating system 64, a user interface66, and a camera 68 are also enabled by software and/or hardwareresiding on the user device 12.

The control agent 14 can be configured as a standalone applicationexecutable by a processor of the user device 12 in communication withthe messaging applications 50, social media applications 52, internetbrowsers 54, a location determining system 62, an operating system 64, auser interface 66, and a camera 68 or other communication facilitatingor content providing applications or functional components of the userdevice 12. Alternatively, the control agent 14 can be provided as aprocessor-implemented add-on application integral with the messagingapplications 50, social media applications 52, internet browsers 54, orother communication facilitating or content providing applications. Thecontrol agent 14 is manage and block the sharing and storage of imagedata including photographic and video data available to a user of theuser device 12 through the messaging applications 50, social mediaapplications 52, internet browsers 54, camera 68 or other communicationfacilitating or content providing applications or functional componentsof the user device 12.

The network-connectable processor-enabled control manager 20 is used forcontrolling use of the user devices 12 via the control agent 14 andcommunicating with a supervisory user via a supervisor application 40.The operation of the control manager 20 is described herein with respectto the user devices 12 and the supervisor device 16. One skilled in theart will recognize that the control manager 20 can operate with othersuitable wired or wireless network-connectable computing systems. Thecontrol manager 20 includes a classifier engine 22, a classifierdatastore 24, a user datastore 26, a supervisor application programinterface (“API”) 28, a control application program interface (“API”)30, a telecommunication carrier (“telecom”) interface 32, and anaggregation engine 34.

The control manager 20 can be implemented on one or morenetwork-connectable processor-enabled computing systems, for example ina peer-to-peer configuration, and need not be implemented on a singlesystem at a single location. The control manager 20 is configured forcommunication via the communications network 4 with othernetwork-connectable computing systems including the user device 12,supervisor device 16 and a telecommunication carrier system implementingan application program interface (“Telecom API”) 80 enablingcommunications of the user device 12. Alternatively, the control manager20 or one or more components thereof can be executed on the user device12, supervisor device 16, or other system. The supervisor application 40provided on the supervisor device 16 can include a downloadable softwareapplication specially configured for interface with the supervisor API28 to receive notices from and communicate control settings to thecontrol manager 20 via the supervisor API 28, the control settingsdictating controls implemented by the control manager 20 and the controlagent 14. Alternatively, the supervisor application 40 can include ageneric web browser or other application allowing a user of thesupervisor device 16 to receive notices from and communicate controlsettings to the control manager 20 via the supervisor API 28.

The control agent 14 monitors electronic communication activity,application use, and stored data, including image data, of user devices12 operated by a supervised user. The control agent 14, or alternativelythe control manager 20 via the classifier engine 22 and classifier datastored in the classifier datastore 24, infers tags from images stored onthe user device 12, beneficially by using a deep learning artificialintelligence classifier. Inferred tags are correlated with sharingsettings provided by a supervisory user via the supervisor application40 by which a sharing policy can be generated for enforcement by thecontrol agent 14 on the user device 12. Image sharing activities can beblocked and images deleted, removed, or obfuscated by such sharingpolicy via the control agent 14. Further, a supervisory user (e.g., aparent) is informed of trends of activities of the supervised user(e.g., a child) particularly image sharing activities and image captureactivities.

Sensitive image information can include objects, surroundings, andpeople (e.g., user or other people) in the images. Sensitive imageinformation can further include metadata attached to images, for examplemetadata defined in exchangeable image file format standard (hereinafter“Exif”). Exif metadata can include camera setting information, time anddate information, image preview thumbnails, copyright information, andimage descriptions. Countermeasures employed by the control agent 14responsive to detecting sensitive information in an image can includeobfuscating the image or image metadata, blurring objects in the image,and editing permissions of the image. For example metadata (e.g., Exifmetadata) can be obfuscated or removed from an image prior to grantingaccess to a non-standard or non-authorized application which attemptsreading the image. Beneficially, the actions of the control agent 14leave images intact and only change system-level permissions to theimages.

Beneficially, an image classifier is built via one or both of thecontrol agent 14 and the control manager 20 and stored in the classifierdatastore 24 or by the control agent 14 on a user device 12. The imageclassifier is configured to designate images as sensitive ornon-sensitive. A user may want to keep sensitive images private, but mayallow non-sensitive images to be distributed in a more public manner.For example, the image classifier applied by the control agent or theclassifier engine 22 can classify an image as public or private usingimage tags as inputs. Tags can be repurposed to create effective accesscontrol links. Beneficially tags are inferred from images andcorrelations are made between the image tags and privacy settingsprovided by a supervisory user via the supervisor application 40 andstored in the user datastore 26.

The control agent 14 is configured to detect images including stillimages and video generated by a user device 12 via a camera 68 andimages transmitted to and received by the user device 12, for examplevia communication through the network 4. Policies including rules areapplied by the control agent 14 or control manager 20 over tags of theimages to determine action to be taken with respect to detected images.Policies including rules are stored in one or both of the user datastore26 and the policy datastore 60. Particularly system-level accesspermissions are applied to individual image files for example to preventaccess for certain applications, for example certain social mediaapplications 52. Sharing permissions stored in the policy datastore 60are applied to individual image files on the user device 12 by which thecontrol agent 14 governs which parties or applications or services mayreceive the image files on the user device 12. An alert can betransmitted via the control agent 14 to a supervisor device 16 of asupervising user if a sensitive image is attempted to be shared by, oralternatively is stored on, a user device 12 monitored by thesupervisory user.

The system 10 via the control agent 14 and the control manager 20 isconfigured to derive appropriate image tags to reason about theircontent and sensitivity, match image tags against rules to determine ifthe images are sensitive, and securely share image tags betweensupervised user devices 12 and supervisor devices 16 (e.g., via M:Nsecure multiparty communication). Referring to FIG. 2 , a process flow100 enabled by the user devices 12, the control agent 14, the supervisordevice 16, the supervisor application 40, and the control manager 20 isshown. A supervised user 6 is enabled to download, access, share, orotherwise interact with images 102 in an interaction 101. The images 102are stored on the user device 12 in an image datastore 56, oralternatively are accessible to the user device 12 for example vianetwork-based storage. Images 102 include metadata 104 and inferredimage tags 108, inferred by an inferring process 106. Beneficially theinferring process 106 implements an artificial intelligence basedclassifier enabled either by the control agent 14 or by the classifierengine 22 of the control manager 20. The metadata 104 and the image tags108 from each user device 12 of a particular supervised user 6 aretransmitted to a supervisor device 16 in a communication 110 for examplevia the supervisor API 28 and the control API 30 of the control manager20. A secure sharing protocol for example Secure Sockets Layer (“SSL”)protocol, is implemented in the communication 110. The communication 110can be further facilitated by the aggregation engine 34 which aggregatesimage data from a plurality of user devices 12 for transmission to thesupervisor device 16. Securely sharing the image tags 108 or both themetadata 104 and the image tags 108, as opposed to sharing image filesis beneficial as it lowers communication bandwidth and computerprocessing requirements for the user device 12, supervisor device 16,and a system executing the control manager 20 or components thereof.

In a particular implementation, the metadata 104, the image tags 108, orboth can be transmitted in the communication 110 responsive to aparticular frequency of identification or a particular quantity ofidentification of particular image tags 108 on the user device 12. Forexample, a communication 110 can be triggered responsive to a superviseduser 6 frequently sharing (e.g., sharing greater than a thresholdfrequency) or sharing a large quantity (e.g., sharing greater than athreshold quantity) of images for which “party” tags 108 are inferred.The supervisory user can be queried for example whether or not to allowfurther sharing of images including “party” tags 108.

A supervisory user 8 is enabled to download, access, share, or otherwiseinteract with images 103. The images 103 are stored on the supervisordevice 16 or alternatively are accessible to the supervisor device 16for example via network-based storage. Images 103 include metadata 105and inferred image tags 109, inferred by an inferring process 107.Beneficially the inferring process 107 implements an artificialintelligence based classifier enabled either by the supervisorapplication 40 or by the classifier engine 22 of the control manager 20.

The metadata 104 and the inferred image tags 108 are correlated (process112) with settings 116 received from a supervisory user 8 through afirst supervisor interaction 114. Beneficially, the settings 116 includeindications of allowable sharing frequency (e.g., daily, hourly,weekly), allowable quantity of shared images (e.g., 10 pictures or 3videos a week), types of images which can be shared (e.g., landscapes -yes, selfies - no), allowable network location (e.g., URL or domainname) or application platform where images can be shared (e.g., toFacebook™, Twitter™, or Instagram™ websites or platforms), or socialnetwork user group (e.g., friend group) where images can be shared.

A policy is defined (process 124) beneficially aggregating thecorrelated settings defined in the process 112. Received metadata 104 orinferred image tags 108 can trigger an alert 120 based on achieving aparticular threshold 118, the alert 120 for example triggered based onthe presence of a threshold number of inferred image tags 108corresponding to sensitive subject matter or a threshold number of imagetags 108 not recognized and not associated with any setting. Furthersettings can be received from the supervisory user 8 through a secondsupervisor interaction 122 responsive to the alert 120 to further definethe policy (process 124). Beneficially, a feedback loop is enabled inwhich settings from a supervisory user 8 acquired based on genericlabels are supplemented with settings from the supervisory user 8acquired based on image tags 108 inferred from images 102 captured by orreceived by a user device 12 of a supervised user 6.

Aggregated settings of the defined policy are transferred to the userdevices 12 of the supervised user 6 in a communication 130. A policy 132including aggregated settings 136 is enforced (process 134) via thecontrol agent 14 on the user devices 12 and the supervised user 6 isalerted of the enforcement by the supervised user alert 138. In responseto the enforcement process 134, a supervised user 6 is enabled via thecontrol agent 14 to request an override of enforced aggregated settings136 and a supervisory user 8 is enabled to grant or deny an overriderequest via a negotiation process 140.

A supervisory user 8 may desire alerts or action based on the storing orsharing of images 103 on their own supervisor device 16, for example tomanage images 103 which include sensitive information which is notimmediately apparent. The supervisor application 40 can enable alerts oractions based on the images 103 on the supervisor device 16 oralternatively images 103 accessible to the supervisor device 16 forexample via network-based storage. The supervisory user 8 is enabled todownload, access, share, or otherwise interact with the images 103. Theimages 103 include metadata 105 and inferred image tags 109 inferred byan inferring process 107. Beneficially, the inferring process 107implements an artificial intelligence based classifier enabled either bythe supervisor application 40 or by the classifier engine 22 of thecontrol manager 20. The metadata 105 and the inferred image tags 109 arecorrelated (process 112) with settings 116 received from a supervisoryuser 8 through a first supervisor interaction 114. A policy is defined(process 124) beneficially aggregating the correlated settings definedin the process 112. Received metadata 105 or inferred image tags 109 cantrigger an alert 120 based on achieving a particular threshold 118, thealert 120 triggered for example based on the presence of a thresholdnumber of inferred image tags 109 corresponding to sensitive subjectmatter or a threshold number of image tags 109 not recognized and notassociated with any setting. Further settings can be received from thesupervisory user 8 through a second supervisor interaction 122responsive to the alert 120 to further define the policy (process 124).Beneficially, a feedback loop is enabled in which settings from asupervisory user 8 acquired based on generic labels are supplementedwith settings from the supervisory user 8 acquired based on image tags109 inferred from images 103 captured by or received by a supervisordevice 16 of a supervisory user 8.

Referring to FIG. 3 an expanded process flow 200 sets forth thecommunication 110 including the metadata 104 and the image tags 108 fromthe user device 12 to the supervisor device 16, and shows thecommunication 130 of aggregated settings from the supervisor device 16to the user device 12. The process flow 200 further details thenegotiation process 140. The negotiation process 140 firstly permits asupervised user 6 via the control agent 14 on the user device 12 in acommunication 142 to request an override of a restriction based on aproperly classified image (i.e., an exception) or based on amisclassification of an image. The request from the user device 12 caninclude explanatory text entered by the supervised user 6 for exampleexplaining why the override should be granted. The negotiation processpermits the supervisory user to grant or deny the override request(process 144) via the supervisor application 40 on the supervisor device16.

The system 10 enables the correlating (process 112) of image tags and asupervisory user’s privacy settings (e.g., file sharing settings) onmultiple user devices 12 operated by a particular supervised user 6. Forexample a supervisory user via the supervisor application 40 can rankimage tags by order of sensitivity or select tags that the supervisoryuser considers to be particularly sensitive. Negotiation betweensupervised user 6 and supervisory user (process 140) can includenegotiating regarding which tags are sensitive, the number of imageswhich can be stored or shared, target groups (e.g., social networkpeers) with whom images can be shared, content of shared images,frequency of image sharing, and domains with which images can be shared.The system 10 enables correlating image tags from multiple user devices12 of a particular user for the purpose of defining, pushing, andenforcing a security policy for image sharing on the multiple userdevices 12. As such a supervised user 6 is precluded from usingdifferent user devices 12 to circumvent a particular security policy,for example a security policy imposing restrictions on the frequency ofsharing images.

For instance, parents may not want their children’s content (e.g.,photos and videos) to be shared on a publically accessible networkplatform (e.g., YouTube) where such content may become viral. A parentcan impose settings via the supervisor application 40 such that theirchild can share their images (e.g., selfies) with a limited number offriends but cannot broadcast their images publicly on social media orshare with more than a threshold number of people (e.g., 5, 10, or 20people). A tag can reflect for example level of sensitivity, contenttype (selfie vs landscape), whether an image includes the face of achild user of the user device 12. Rules created based on a parent’sinteractions 114, 122 for example can include rules that allow sharingof pictures of landscapes, but do not allow sharing selfies with socialmedia platforms.

The system 10 enables a protocol to securely share image tags 108 andmetadata 104 (communication 110) between user devices 12 and thesupervisor device 16 for the purpose of determining theirprivacy/sensitivity level. The system 10 enables negotiating exceptionsor misclassifications (process 140, 142) to permit sharing bytransmitting to a supervisory user the blocked images, transmitting thetags of the blocked images, or transmitting the blocked images and thetags of the blocked images.

Referring to FIG. 4 , a process flow 300 enabled by one or more userdevices 12, one or more control agents 14, a supervisor device 16, asupervisor application 40, and the control manager 20 responsive to anupload request by an application is shown. In a background task, tags ofimages stored in the image datastore 56 of the user device 12 areinferred (step 310) using a private image tagger 90. Determined tags arestored in a tag datastore 58. When a network-connectable social mediaapplication 52 on a user device 12 requests upload of an image (step312) from the image datastore 56, for example based on an action from auser of the user device 12, a trigger (step 314) is generated whichcauses the control agent 14 to perform an image privacy check (step316). The upload request is allowed or blocked (step 318) based on therequested image, including its metadata and tags from the tag datastore58, and whether policy settings define the requested image as a privacysensitive image 82 or a clean (i.e., not privacy sensitive) image 84. Ablocked request results in a notification (step 320) transmitted to thesupervisory user via the supervisor application 40 on the supervisordevice 16.

Referring to FIGS. 2 and 5A-5H, a user interface 42 enabled by thesupervisor application 40 on the supervisor device 16 providesinteractive displays for entering and editing control settings by asupervisory user such as a parent. Referring to FIGS. 2 and 5A, a firstexample interactive display 400 in a user interface 42 of the supervisordevice 16 provides a supervisory user 8, in this example a parent, alist of example image tags and queries the supervisory user 8 to selectexample image tags which the supervisory user considers sensitive on theuser device 12 of a supervised user 6 under their supervision, in thiscase the parent’s child. The example selectable image tags in the firstexample interactive display 400 include “party,” “food,” “home,”“outside,” “child,” and “sports.” The display of and user selection ofthe image tags can for example constitute at least a portion of thefirst supervisor interaction 114 with the supervisory user 8, definingthe settings 116.

Referring to FIGS. 2 and 5B, a second example interactive display 402 inthe user interface 42 enabled by the by the supervisor application 40provides a parent supervisory user 8 a list of inferred image tags 108inferred from images stored on one or more user devices 12 of theirchild, a supervised user 6, and queries the supervisory user 8 to selectimage tags 108 which the supervisory user 8 considers sensitive on theuser device 12 of their child. The selectable inferred image tags 108 inthe second example interactive display 402 include “car,” “classroom,”“playground,” “school bus,” “swimming,” “bicycle,” and “baseball.” Thedisplay of and user selection of the inferred image tags 108 can forexample constitute at least a portion of the first supervisorinteraction 114 or the second supervisor interaction 122 with thesupervisory user 8, defining the settings 116 and defining the policy(process 124).

Referring to FIGS. 2 and 5C, a third example interactive display 404 inthe user interface 42 provides a supervisory user 8 a list of exampleimage tags and queries the supervisory user 8 to select image tags whichthe supervisory user 8 considers sensitive on one or more of theirsupervisor devices 16, for example their own smart phones. The exampleselectable example image tags in the third example interactive display404 include “party,” “food,” “home,” “outside,” “child,” “sports,” and“office.” The display of and user selection of the image tags can forexample constitute at least a portion of the first supervisorinteraction 114 with the supervisory user 8, defining the settings 116.

Referring to FIGS. 2 and 5D, a fourth example interactive display 406 inthe user interface 42 provides a supervisory user 8 a list of inferredimage tags 108 inferred from images stored on one or more supervisordevices 16 of the supervisory user and queries the supervisory user toselect image tags 108 which the supervisory user considers sensitive onone or more of their supervisor devices 16, for example their smartphones. The example selectable inferred image tags 108 in the fourthexample interactive display 406 include “alcohol,” “computer,”“exercise,” “amusement park,” “beach,” and “supermarket.” The display ofand user selection of the inferred image tags 108 can for exampleconstitute at least a portion of the first supervisor interaction 114with the supervisory user 8, defining the settings 116.

Referring to FIGS. 2 and 5E, a fifth example interactive display 408 inthe user interface 42 queries a supervisory user 8, a parent, to selectone or more listed actions to take when one or more sensitive images aresaved on a user device 12 of a supervised user 6 under theirsupervision, their child. The selectable actions in the fifth exampleinteractive display 408 include “alert me,” “transfer photo to securedatastore,” “remove photo from child’s device,” “obfuscate photometadata,” and “obscure sensitive objects in photo.” The display of anduser selection of the selectable actions can for example constitute atleast a portion of the first supervisor interaction 114 with thesupervisory user 8, defining the settings 116.

Referring to FIGS. 2 and 5F, a sixth example interactive display 410 inthe user interface 42 queries a supervisory user 8, a parent, to selectone or more listed actions to take when one or more sensitive images areattempted to be shared on a user device 12 of a supervised user 6 undertheir supervision, their child. The selectable actions in the sixthexample interactive display 410 include “alert me,” “block sharing,”“transfer photo to secure datastore,” “remove photo from child’sdevice,” “obfuscate photo metadata,” and “obscure sensitive objects inphoto.” The display of and user selection of the selectable actions canfor example constitute at least a portion of the first supervisorinteraction 114 with the supervisory user 8, defining the settings 116.

Referring to FIGS. 2 and 5G, a seventh example interactive display 412in the user interface 42 queries a supervisory user 8 to select one ormore listed actions to take when one or more sensitive images are savedon a supervisor device 16 of the supervisory user, for example a smartphone. The selectable actions in the seventh example interactive display412 include “alert me,” “transfer photo to secure datastore,” “obfuscatephoto metadata,” and “obscure sensitive objects in photo.” The displayof and user selection of the selectable actions can for exampleconstitute at least a portion of the first supervisor interaction 114with the supervisory user 8, defining the settings 116.

Referring to FIGS. 2 and 5H, an eighth example interactive display 414in the user interface 42 queries a supervisory user to select one ormore listed actions to take when one or more sensitive images areattempted to be shared on a supervisor device 16 of the supervisoryuser, for example a smart phone. The selectable actions in the eighthexample interactive display 414 include “alert me,” “block sharing,”“transfer photo to secure datastore,” “obfuscate photo metadata,” and“obscure sensitive objects in photo.” The display of and user selectionof the selectable actions can for example constitute at least a portionof the first supervisor interaction 114 with the supervisory user 8,defining the settings 116.

Referring to FIGS. 2, 3, and 5I, a ninth example interactive display 416in the user interface 66 of a user device 12 includes the superviseduser alert 138 in the form of a notice to a supervised user 6 (e.g., achild of a parent supervisory user 8) on a user device 12 that anattempted sharing of a particular image (“image245.jpg”) 102 has beenblocked, and the blocked particular image 418 is displayed. A “requestoverride” button 420 is also displayed to allow the supervised user 6 toinitiate an override request to a supervisory user. A user selection ofthe “request override” button 420 initiates the negotiation process 140,and more particularly initiates the override request of communication142.

Referring to FIGS. 2, 3, and 5J, a tenth interactive display 422 in theuser interface 66 provides a notice to a supervised user 6 (e.g., achild of a parent supervisory user) on a user device 12 indicating thatan attempted sharing of a particular image 102 has been blocked. Theimage tags (“baseball” and “crowd”) which triggered the blocking of theimage are indicated. A “request override” button 426 is displayed toallow the supervised user 6 to transmit an override request to asupervisory user 8. The supervised user 6 is enabled to input a messagein a text field 424 to send to a supervisory user 8 with the overriderequest. A user selection of the “request override” button 426 initiatesthe negotiation 140, and more particularly initiates the overriderequest of communication 142 which can include the message input in thetext field 424.

Referring to FIGS. 2 and 5K, an eleventh example interactive display 430in the user interface 42 provides the alert 120 in the form of a noticeto a supervisory user 8 (e.g., a parent) on a supervisor device 16 thata particular image 102 was blocked from sharing on the user device 12 ofa supervised user 6 (“Jimmy”, their child). The notice indicates that aparticular image 102 (“image245.jpg”) was blocked from sharing on theuser device 12 based on particular image tags (“baseball” and “crowd”)of the particular image 102. The notice further provides a parentsupervisory user 8 a list of other inferred image tags 108 inferred fromthe blocked particular image 102 stored on one or more user devices 12of their child, the supervised user 6, and queries the supervisory user8 to select image tags 108 which the supervisory user 8 considerssensitive on the user device 12 of their child. The selectable inferredimage tags 108 in the eleventh example interactive display 430 include“stadium,” “summer,” “beer,” and “concert.” The display of and userselection of the inferred image tags 108 can for example constitute atleast a portion of the first supervisor interaction 114 or the secondsupervisor interaction 122 with the supervisory user 8, defining thesettings 116 and defining the policy (process 124).

Referring to FIGS. 2, 3, and 5L a twelfth example interactive display440 in the user interface 42 provides a notice to a supervisory user 8(e.g., a parent) on a supervisor device 16 that a supervised user 6(“Jimmy”, their child) requests override of an image share block ontheir user device 12. The notice is beneficially provided based on thenegotiation process 140, and more particularly is provided based on theoverride request of communication 142. The notice indicates that aparticular image 102 (“image245.jpg”) was blocked from sharing on theuser device 12 based on particular image tags (“baseball” and “crowd”)of the particular image 102. A message box 442 includes a message fromthe supervised user 6 regarding the blocked particular image 102. A“deny” button 444 is provided to permit the supervisory user to initiatethe grant/deny override request process 144 to deny the overriderequest. A “grant override” button 446 is provided to permit thesupervisory user to initiate the grant/deny override request process 144to override the block and allow the supervised user 6 to share theparticular image on the user device 12. A “more” button 448 can beprovided to show more options or provide a new display.

Referring to FIGS. 2, 3, 5L, and 5M, a thirteenth example interactivedisplay 450 in the user interface 42 provides a further notice to asupervisory user 8 (e.g., a parent) on a supervisor device 16 that asupervised user 6 (“Jimmy,” their child) requests override of an imageshare block on their user device 12. The particular image 418 that wasblocked from sharing on the user device 12 is shown. A “deny” button 452is provided to permit the supervisory user to initiate the grant/denyoverride request process 144 to deny the override request. A “grantoverride” button 454 is provided to permit the supervisory user toinitiate the grant/deny override request process 144 to override theblock and allow the supervised user 6 to share the particular image 418.The thirteenth example interactive display 450 can be shown for exampleresponsive to actuation of the “more” button 448 of the twelfthinteractive display 440.

Referring to FIG. 6 , a flowchart shows a data sharing control method500 for controlling data transmission on network-connectable devices.The method 500 and associated processes are described with reference tothe components of the system 10 shown in FIG. 1 , including the userdevice 12, the supervisor device 16, the processor-enabled controlmanager 20, the control agent 14, and the supervisor application 40.Alternatively, the method 500 can be performed via other suitablesystems.

The method 500 includes detecting a plurality of images on one or moredevices operated by a first user (step 502), the one or more devicesincluding a particular device. A plurality of tags are determined forthe plurality of images (step 504).

A plurality of settings are received based on the plurality of tags froma second user (step 506). Beneficially, the plurality of tags aretransmitted from the one or more devices to a computing system of thesecond user, the second user is queried based on the plurality of tags,and the settings are received responsive to the querying. The receivingthe settings can include for example receiving an indication of anallowable sharing frequency or receiving an indication of an allowablesharing target (e.g., a particular network destination, particular user,or particular user group) or a disallowable sharing target.

A particular image is detected on the particular device (step 508).Detecting the particular image can include for example detecting aparticular image which had been captured by a camera of the particulardevice or detecting that a particular image that had been received byelectronic communication by the particular device. One or moreparticular tags of the particular image are determined (step 510), and asharing action of the particular image is blocked by the particulardevice based on the plurality of settings and the one or more particulartags (step 512). Also, beneficially an alert is transmitted to thesecond user based on the plurality of settings and the one or moreparticular tags. Other settings can be received from the second userresponsive to the alert, an other particular image can be detected onthe particular device, and an other sharing action of the particularimage can be blocked by the particular device based on the othersettings and the one or more particular tags.

The determining the plurality of tags can include for example applyingan image classifier to the plurality of images. A sharing policy can begenerated based on the plurality of settings and the plurality of tags,for example by a computing system of the second user, the sharing policycan be transmitted to the particular device, and the blocking by theparticular device the sharing action of the particular image can bebased on the sharing policy. Further, the sharing policy can betransmitted to any or all of the plurality of devices including theparticular device, and a sharing action of the particular image on anyor all of the plurality of devices can be blocked by any or all of theplurality of devices based on the sharing policy. Further, a ranking ofthe plurality of tags can be determined based on the settings, and theblocking the sharing action can be based on the ranking of the pluralityof tags.

An attempt to share the particular image by the particular device can bedetected, wherein the blocking the sharing action of step 512 isresponsive to the detecting the attempt to share the particular image.The blocking the sharing action of step 512 can include preventing theparticular image from being shared with a particular application, aparticular user, or a particular user group. The blocking the sharingaction of step 512 can further include preventing the particular imagefrom being shared with more than a threshold number of targets, forexample more than a threshold number of particular applications, athreshold number of particular users, or a threshold number ofparticular user groups. Further the blocking the sharing action of step512 can be triggered based on comparing the one or more particular tagsto the plurality of settings and determining the one or more particulartags comprise a threshold number of tags corresponding to sensitivesubject matter based on the comparing, wherein the blocking the sharingaction is responsive to the determining the one or more particular tagscomprise the threshold number of tags corresponding to the sensitivesubject matter.

In an extension to the method 500 a number of times the particular imagehas been shared by the first user can be determined, wherein theblocking the sharing action is further based on the determining thenumber of times the particular image has been shared by the first user.Alternatively, a determination can be made of a number of times thatcertain images comprising the one or more particular tags have beenshared by the one or more devices, and the sharing action of theparticular image by the particular device can be blocked further basedon the number of times that the certain images comprising the one ormore particular tags have been shared by the one or more devices.Alternatively, a determination can be made of a frequency that certainimages comprising the one or more particular tags are shared by the oneor more devices, and the sharing action of the particular image by theparticular device can be blocked further based on the frequency that thecertain images comprising the one or more particular tags have beenshared by the one or more devices. Further, the second user can bequeried regarding whether they desire to block the sharing action basedon the determined frequency, an instruction to block the sharing actioncan be received from the second user responsive to the querying, and thesharing action can be blocked further based on the instruction from thesecond user.

The blocking the sharing action beneficially includes preventingtransmission of the particular image from the particular device.Alternatively, the blocking the sharing action includes modifying theparticular image and enabling sharing of the modified particular image.In addition to blocking the sharing action, in an extension to themethod 500 the particular image can be encrypted based on the pluralityof settings and the one or more particular tags. Further the particularimage can be moved from a first datastore on the particular device to asecond datastore on the particular device based on the plurality ofsettings and the one or more particular tags, the first datastore beingfor example an unencrypted datastore and the second datastore being forexample an encrypted datastore.

Other settings can be received from the second user based on other tags,and blocking the sharing action of the particular image by theparticular device can be further based on the other settings. Forexample, in a user intake or initiation process the second user can bequeried based on other tags (e.g., generic non-user specific tags), andother settings (e.g., initial user settings) can be received from thesecond user based on the other tags. Later, the second user can bequeried based on the plurality of tags, and the plurality of settings ofstep 506 can be received from the second user based on the querying thesecond user based on the plurality of tags, wherein the blocking thesharing action of the particular image by the particular device (step512) is further based on the other settings (e.g., initial usersettings).

The plurality of images of the method 500 beneficially include aplurality of metadata including a plurality of image location data, andthe particular image beneficially includes particular metadata includingparticular image location data. In an extension of the method 500, asharing policy can be determined based on the plurality of settings, theplurality of metadata, and the plurality of tags, and the sharing actionof the particular image by the particular device can be blocked based onthe sharing policy, the one or more particular tags, and the particularmetadata.

The plurality of devices of the method 500 can include the particulardevice and one or more other devices, and in an extension of the method500, one or more other sharing actions of the particular image by theone or more other devices can be blocked based on the plurality ofsettings and the one or more particular tags.

The method 500 beneficially further includes receiving from the firstuser a request to override the blocking of the sharing action (step514), receiving from the second user a granting of the request tooverride the blocking of the sharing action (step 516). For example therequest to override can be received from the first user (e.g., asupervised user) via a user device 12 by the control manager 20. Thecontrol manager 20 can forward the request to override to the seconduser (e.g., a supervisory user) via the supervisor application 40 on thesupervisor device 16, and the second user can grant the requestresponsive to the request. The sharing action is unblocked responsive tothe granting of the request from the second user (step 518). Further,explanatory text can be received from the first user, and theexplanatory text can be forwarded to the second user with the request tooverride the blocking of the sharing action.

In an alternative implementation of the method 500, a user who operatesthe one or more devices (see step 502) can be the same as the user fromwhom the plurality of settings are received (see step 506) and whorequests the override of the blocking (step 514). In such alternativeimplementation, the granting of the request (step 516) occursautomatically responsive to the request to override without further userinput, or steps 516 and 518 are omitted, and the unblocking of thesharing action is responsive to the override request of step 514.

Referring to FIG. 7 , a flowchart shows a data sharing control method600 for controlling data transmission on network-connectable devices.The method 600 includes detecting a plurality of images on one or moredevices operated by a first user (step 602), the one or more devicesincluding a particular device. A plurality of tags are determined forthe plurality of images (step 604). A plurality of settings are receivedbased on the plurality of tags from a second user (step 606). Aparticular image is detected on the particular device (step 608), one ormore particular tags of the particular image are determined (step 610),and a security action is performed on the particular image on theparticular device based on the plurality of settings and one or moreparticular tags (step 612). The performing the security action caninclude for instance encrypting the particular image. The performing thesecurity action can further include moving the particular image from afirst datastore on the particular device to a second datastore on theparticular device. Alternatively, the performing the security action caninclude providing a suggestion to the second user that the particularimage should be one or more of removed, deleted, or transferred to aparticular datastore.

In an extension to the method 600 the plurality of images can include aplurality of metadata and the particular image can include particularmetadata, a policy can be determined based on the plurality of settings,the plurality of metadata, and the plurality of tags, and the securityaction can be performed on the particular image by the particular devicebased on the policy, the one or more particular tags, and the particularmetadata.

The method 600 beneficially further includes receiving from the firstuser a request to override the performing the security action (step614), receiving from the second user a granting of the request tooverride the performing the security action (step 616), and reversingthe security action responsive to the granting of the request from thesecond user (step 618).

In an alternative implementation of the method 600, a user who operatesthe one or more devices (see step 602) can be the same as the user fromwhom the plurality of settings are received (see step 606) and whorequests the override of the performing the security action (step 614).In such alternative implementation, the granting of the request (step616) occurs automatically responsive to the request to override withoutfurther user input, or steps 616 and 618 are omitted and the unblockingof the sharing action is responsive to the override request of step 514.

FIG. 8 illustrates in abstract the function of an exemplary computersystem 1000 on which the systems, methods and processes described hereincan execute. For example, the user device 12, supervisor device 16, andcontrol manager 20 can each be embodied by a particular computer system1000. The computer system 1000 may be provided in the form of a personalcomputer, laptop, handheld mobile communication device, mainframe,distributed computing system, or other suitable configuration.Illustrative subject matter is in some instances described herein ascomputer-executable instructions, for example in the form of programmodules, which program modules can include programs, routines, objects,data structures, components, or architecture configured to performparticular tasks or implement particular abstract data types. Thecomputer-executable instructions are represented for example byinstructions 1024 executable by the computer system 1000.

The computer system 1000 can operate as a standalone device or can beconnected (e.g., networked) to other machines. In a networkeddeployment, the computer system 1000 may operate in the capacity of aserver or a client machine in server-client network environment, or as apeer machine in a peer-to-peer (or distributed) network environment. Thecomputer system 1000 can also be considered to include a collection ofmachines that individually or jointly execute a set (or multiple sets)of instructions to perform one or more of the methodologies describedherein.

It would be understood by those skilled in the art that other computersystems including but not limited to networkable personal computers,minicomputers, mainframe computers, handheld mobile communicationdevices, multiprocessor systems, microprocessor-based or programmableelectronics, and smart phones could be used to enable the systems,methods and processes described herein. Such computer systems canmoreover be configured as distributed computer environments whereprogram modules are enabled and tasks are performed by processingdevices linked through a communications network, and in which programmodules can be located in both local and remote memory storage devices.

The exemplary computer system 1000 includes a processor 1002, forexample a central processing unit (CPU) or a graphics processing unit(GPU), a main memory 1004, and a static memory 1006 in communication viaa bus 1008. A visual display 1010 for example a liquid crystal display(LCD), light emitting diode (LED) display or a cathode ray tube (CRT) isprovided for displaying data to a user of the computer system 1000. Thevisual display 1010 can be enabled to receive data input from a user forexample via a resistive or capacitive touch screen. A character inputapparatus 1012 can be provided for example in the form of a physicalkeyboard, or alternatively, a program module which enables auser-interactive simulated keyboard on the visual display 1010 andactuatable for example using a resistive or capacitive touchscreen. Anaudio input apparatus 1013, for example a microphone, enables audiblelanguage input which can be converted to textual input by the processor1002 via the instructions 1024. A pointing/selecting apparatus 1014 canbe provided, for example in the form of a computer mouse or enabled viaa resistive or capacitive touch screen in the visual display 1010. Adata drive 1016, a signal generator 1018 such as an audio speaker, and anetwork interface 1020 can also be provided. A location determiningsystem 1017 is also provided which can include for example a GPSreceiver and supporting hardware.

The instructions 1024 and data structures embodying or used by theherein-described systems, methods, and processes, for example softwareinstructions, are stored on a computer-readable medium 1022 and areaccessible via the data drive 1016. Further, the instructions 1024 cancompletely or partially reside for a particular time period in the mainmemory 1004 or within the processor 1002 when the instructions 1024 areexecuted. The main memory 1004 and the processor 1002 are also as suchconsidered computer-readable media.

While the computer-readable medium 1022 is shown as a single medium, thecomputer-readable medium 1022 can be considered to include a singlemedium or multiple media, for example in a centralized or distributeddatabase, or associated caches and servers, that store the instructions1024. The computer-readable medium 1022 can be considered to include anytangible medium that can store, encode, or carry instructions forexecution by a machine and that cause the machine to perform any one ormore of the methodologies described herein, or that can store, encode,or carry data structures used by or associated with such instructions.Further, the term “computer-readable storage medium” can be consideredto include, but is not limited to, solid-state memories and optical andmagnetic media that can store information in a non-transitory manner.Computer-readable media can for example include non-volatile memory suchas semiconductor memory devices (e.g., magnetic disks such as internalhard disks and removable disks, magneto-optical disks, CD-ROM andDVD-ROM disks, Erasable Programmable Read-Only Memory (EPROM),Electrically Erasable Programmable Read-Only Memory (EEPROM), and flashmemory devices).

The instructions 1024 can be transmitted or received over acommunications network, for example the communications network 4, usinga signal transmission medium via the network interface 1020 operatingunder one or more known transfer protocols, for example FTP, HTTP, orHTTPs. Examples of communication networks include a local area network(LAN), a wide area network (WAN), the internet, mobile telephonenetworks, Plain Old Telephone (POTS) networks, and wireless datanetworks, for example Wi-Fi™ and 3G/4G/5G cellular networks. The term“computer-readable signal medium” can be considered to include anytransitory intangible medium that is capable of storing, encoding, orcarrying instructions for execution by a machine, and includes digitalor analog communications signals or other intangible medium tofacilitate communication of such instructions.

Although features and elements are described above in particularcombinations, one of ordinary skill in the art will appreciate that eachfeature or element can be used alone or in any combination with theother features and elements. Methods described herein may be implementedin a computer program, software, or firmware incorporated in acomputer-readable medium for execution by a computer or processor.

While embodiments have been described in detail above, these embodimentsare non-limiting and should be considered as merely exemplary.Modifications and extensions may be developed, and all suchmodifications are deemed to be within the scope defined by the appendedclaims.

What is claimed is:
 1. A method comprising: detecting a plurality ofimages on at least one device operated by a first user, the at least onedevice comprising a first device; inferring a plurality of tags from theplurality of images; receiving from a second device from a second user aplurality of settings based on the plurality of tags; receiving from thesecond device from the second user other settings based on other tags;detecting a particular image on the first device; inferring at least oneparticular tag from the particular image on the first device; and movingthe particular image from a first datastore on the first device to asecond datastore based on the plurality of settings, the other settings,and the at least one particular tag.
 2. The method of claim 1, whereinthe second datastore is on the first device.
 3. The method of claim 1,the plurality of images comprising a plurality of metadata and theparticular image comprising particular metadata, the method furthercomprising: determining a policy based on the plurality of settings, theother settings, the plurality of metadata, the plurality of tags, andthe other tags; and moving the particular image from the first datastoreon the first device to the second datastore based on the policy, the atleast one particular tag, and the particular metadata.
 4. The method ofclaim 1, further comprising: querying the second user via the seconddevice based on the plurality of tags; and receiving the plurality ofsettings responsive to the querying.
 5. The method of claim 1, furthercomprising: transmitting the plurality of tags to a computing systemcomprising the second device of the second user; generating by thecomputing system a policy based on the plurality of settings, the othersettings, the plurality of tags, and the other tags; and transmittingthe policy to the first device, the moving of the particular image basedon the policy.
 6. The method of claim 1, further comprising determininga policy based on the plurality of settings, the other settings, theplurality of tags, and the other tags wherein the moving of theparticular image is based on the policy.
 7. The method of claim 1,further comprising: comparing the at least one particular tag to theplurality of settings and the other settings; and determining the atleast one particular tag comprises a threshold number of tagscorresponding to sensitive subject matter based on the comparing;wherein the moving of the particular image is responsive to thedetermining the at least one particular tag comprises the thresholdnumber of tags corresponding to the sensitive subject matter.
 8. Themethod of claim 1, further comprising: detecting the particular image ascaptured by the first device; and inferring the at least one particulartag from the particular image responsive to the detecting the particularimage.
 9. The method of claim 1, further comprising: detecting theparticular image as received by the first device; and inferring the atleast one particular tag from the particular image responsive to thedetecting the particular image.
 10. The method of claim 1, furthercomprising: querying the second user via the second device based on theother tags; receiving from the second user via the second device theother settings based on the querying the second user based on the othertags; querying the second user via the second device based on theplurality of tags; and receiving from the second user via the seconddevice the plurality of settings based on the querying the second userbased on the plurality of tags.
 11. The method of claim 1, the receivingthe plurality of settings comprising receiving an indication of at leastone of an allowable type of image or a disallowable type of image. 12.The method of claim 1, the inferring the plurality of tags comprisingapplying an image classifier to the plurality of images.
 13. The methodof claim 1, further comprising transmitting an alert to the second uservia the second device based on the plurality of settings and the atleast one particular tag.
 14. A method comprising: detecting a pluralityof images on at least one device operated by a first user, the at leastone device comprising a first device; inferring a plurality of tags fromthe plurality of images; receiving from a second device from a seconduser a plurality of settings based on the plurality of tags; receivingfrom the second device from the second user other settings based onother tags; detecting a particular image on the first device; inferringat least one particular tag from the particular image on the firstdevice; and encrypting the particular image by the first device based onthe plurality of settings, the other settings, and the at least oneparticular tag.
 15. The method of claim 14, further comprising: queryingthe second user via the second device based on the plurality of tags andthe other tags; and receiving the plurality of settings and the othersettings responsive to the querying.
 16. A method comprising: detectinga plurality of images on at least one device operated by a first user,the at least one device comprising a first device; inferring a pluralityof tags from the plurality of images; receiving from a second devicefrom a second user a plurality of settings based on the plurality oftags; receiving from the second device from the second user othersettings based on other tags; detecting a particular image on the firstdevice; inferring at least one particular tag from the particular imageon the first device; and providing a suggestion to the second user viathe second device that the particular image should be at least one ofremoved, deleted, or transferred based on the plurality of settings, theother settings, and the at least one particular tag.
 17. The method ofclaim 16, further comprising providing the suggestion to the second uservia the second device that the particular image should be at least oneof removed, deleted, or transferred to a particular datastore.
 18. Amethod comprising: detecting a plurality of images on at least onedevice operated by a user, the at least one device comprising aparticular device; inferring a plurality of tags from the plurality ofimages; receiving from the user a plurality of settings based on theplurality of tags; receiving from the user other settings based on othertags; detecting a particular image on the particular device; inferringat least one particular tag from the particular image on the particulardevice; and moving the particular image from a first datastore on theparticular device to a second datastore based on the plurality ofsettings, the other settings, and the at least one particular tag. 19.The method of claim 18, wherein the second datastore is on theparticular device.
 20. The method of claim 18, the plurality of imagescomprising a plurality of metadata and the particular image comprisingparticular metadata, the method further comprising: determining a policybased on the plurality of settings, the other settings, the plurality ofmetadata, the plurality of tags, and the other tags; and moving theparticular image from the first datastore on the particular device tothe second datastore based on the policy, the at least one particulartag, and the particular metadata.
 21. A method comprising: detecting aplurality of images on at least one device operated by a user, the atleast one device comprising a particular device; inferring a pluralityof tags from the plurality of images; receiving a plurality of settingsbased on the plurality of tags from the user; receiving other settingsbased on other tags from the user; detecting a particular image on theparticular device; inferring at least one particular tag from theparticular image on the particular device; and encrypting the particularimage by the particular device based on the plurality of settings, theother settings, and the at least one particular tag.
 22. Anetwork-enabled system comprising: a first computing system comprisingat least a first processor and at least a first non-transitory computerreadable storage medium having encoded thereon first instructions thatwhen executed by the at least the first processor cause the firstcomputing system to perform a first process including: detecting aplurality of images on the first computing system; inferring a pluralityof tags from the plurality of images; transmitting via a network theplurality of tags; detecting a particular image on the first computingsystem; inferring at least one particular tag from the particular image;and moving the particular image from a first datastore on the firstcomputing system to a second datastore; and a second computing systemcomprising at least a second processor and at least a secondnon-transitory computer readable storage medium having encoded thereonsecond instructions that when executed by the at least the secondprocessor cause the second computing system to perform a second processincluding: receiving the plurality of tags from the first computingsystem; querying a user based on the plurality of tags; receiving aplurality of settings from the user responsive to the querying based onthe plurality of tags; querying the user based on other tags; receivingother settings from the user responsive to the querying based on theother tags; and transmitting the plurality of settings and the othersettings to the first computing system; wherein the moving of theparticular image by the first computing system is based on the pluralityof settings, the other settings, and the at least one particular tag.23. The network-enabled system of claim 22, wherein the second datastoreis on the first computing system.